
Using Socket AF_PACKET / SOCK_RAW But Tell Kernel To Not Send RST

My question has roughly been discussed here. And the tl;dr solution is to do: iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP And you could modify this to only block the por

Solution 1:

The problem here is that you're asking for a way to tell the kernel in effect "do these 100 things for me, but leave this one particular detail out." Frankly, I think the iptables solution is the easiest and cleanest.

Another option, though, is to not ask the kernel to do all those other bits, and instead to take on more work yourself. Specifically, make up your own IP address, and start using it. The only downside is that you have to take over another important thing that the kernel has been doing for you: responding to ARPs (ARP is used to discover the MAC [Ethernet] address of the station that owns a given IP address). In brief, I'm suggesting you:

  1. Choose an unused IP address on your local subnet.
  2. Make up a MAC address for your use. (Not strictly necessary but will make it easier to distinguish "your" traffic.)
  3. Open a raw packet socket instead of a raw IP socket (https://linux.die.net/man/7/packet).
  4. Compose and send an ARP request to discover the MAC address of the station you're sending to (if on local LAN, else the MAC of the next hop [router] IP address).
  5. Receive the ARP reply and record the other station's MAC.
  6. Construct and send your SYN packet from your own MAC address to the MAC of the destination station. (With your chosen source and dest IPs, ports, etc.)
  7. Listen for a return ARP for your IP and reply as needed.
  8. Receive the SYN+ACK response. Since the destination IP address (the one you made up) is not known to the kernel to belong to your system, the kernel will not respond to the SYN+ACK with RST (or anything else).
  9. Do whatever it is you want to do next...

You will of course have to be capturing promiscuously if you use a MAC address other than the one assigned to the interface. That is pretty typical with a raw packet socket. Also, you will be constructing the Ethernet, IP, and TCP headers for all traffic (well, Ethernet + ARP for the ARP requests) so you will learn a lot.
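Step 7 above (answering ARP for the made-up IP) as an added example, not code from the original answer: it checks whether a received Ethernet frame is an IPv4 ARP request for the chosen address and, if so, builds the 42-byte reply to write back to the packet socket from step 3. `MY_MAC`, `MY_IP`, `arp_reply_for` and `sample_request` are hypothetical names, and the addresses are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_FRAME_LEN 42   /* 14-byte Ethernet header + 28-byte ARP body */

/* Constructed values (assumptions): locally administered MAC, 192.0.2.0/24 IP. */
static const uint8_t MY_MAC[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc};
static const uint8_t MY_IP[4]  = {192, 0, 2, 77};

/* Bytes 12..21 of an ARP request: EtherType 0x0806, htype 1, ptype 0x0800,
 * hlen 6, plen 4, opcode 1 (request). */
static const uint8_t ARP_REQ_HDR[10] = {8, 6, 0, 1, 8, 0, 6, 4, 0, 1};

/* If req is an ARP request for MY_IP, write the reply into out (at least
 * ARP_FRAME_LEN bytes, not overlapping req) and return its length, else 0. */
size_t arp_reply_for(const uint8_t *req, size_t len, uint8_t *out) {
    if (len < ARP_FRAME_LEN) return 0;                     /* truncated frame */
    if (memcmp(req + 12, ARP_REQ_HDR, 10) != 0) return 0;  /* not a request */
    if (memcmp(req + 38, MY_IP, 4) != 0) return 0;         /* not asking for us */
    memcpy(out, req + 22, 6);          /* Ethernet dst = asker's MAC */
    memcpy(out + 6, MY_MAC, 6);        /* Ethernet src = our MAC */
    memcpy(out + 12, ARP_REQ_HDR, 8);  /* EtherType through address lengths */
    out[20] = 0; out[21] = 2;          /* opcode 2 (reply) */
    memcpy(out + 22, MY_MAC, 6);       /* sender hardware address */
    memcpy(out + 28, MY_IP, 4);        /* sender protocol address */
    memcpy(out + 32, req + 22, 6);     /* target hardware address */
    memcpy(out + 38, req + 28, 4);     /* target protocol address */
    return ARP_FRAME_LEN;
}

/* Constructed sample: 192.0.2.1 (02:00:00:00:00:01) asks who has `target`. */
void sample_request(uint8_t *f, const uint8_t target[4]) {
    static const uint8_t asker_mac[6] = {0x02, 0, 0, 0, 0, 0x01};
    static const uint8_t asker_ip[4]  = {192, 0, 2, 1};
    memset(f, 0xff, 6);                /* broadcast destination */
    memcpy(f + 6, asker_mac, 6);
    memcpy(f + 12, ARP_REQ_HDR, 10);
    memcpy(f + 22, asker_mac, 6);
    memcpy(f + 28, asker_ip, 4);
    memset(f + 32, 0, 6);              /* target MAC is what is being asked */
    memcpy(f + 38, target, 4);
}

int main(void) {
    uint8_t req[ARP_FRAME_LEN], rep[ARP_FRAME_LEN];
    sample_request(req, MY_IP);
    size_t n = arp_reply_for(req, sizeof req, rep);
    for (size_t i = 0; i < n; i++) printf("%02x%s", rep[i], i + 1 < n ? " " : "\n");
    return 0;
}
```

Setting the 0x02 bit in the first octet marks the MAC as locally administered, which keeps it out of vendor-assigned space and makes the traffic easy to pick out in a capture.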

